package com.bluesimon.wbf.authentication;

import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.lang.annotation.Annotation;

/**
 * 拦截器实现请求鉴权; 默认通过，只有带有 @Authentication注解的请求才需要权限控制
 * 对Controller层的 @RestController api做校验
 * Created by Django on 2017/11/29.
 */
public class AuthenticationHandlerInterceptor extends HandlerInterceptorAdapter {

    @Resource
    AuthenticationService authenticationService; //引入权限服务接口

    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        if (handler instanceof HandlerMethod) {
            HandlerMethod handlerMethod = (HandlerMethod) handler;
            Annotation clsAnno = handlerMethod.getBeanType().getAnnotation(RestController.class);
            if (clsAnno instanceof RestController) {
                Annotation annotation = handlerMethod.getMethod().getAnnotation(Authentication.class);
                if (annotation instanceof Authentication) {
                    Authentication authentication = (Authentication) annotation;
                    Authentication.Authority authority = authentication.name();
                    //TODO: 谁  什么请求(模块，业务)  什么权限; 此处交由权限控制中心处理
                    if (null != authenticationService) {
                        boolean hasAuth = authenticationService.checkApi();
                        if (!hasAuth) {
                            throw new Exception("无权限");
                        }
                    }
                }
            }
        }
        return true;
    }

}
